(54) A method, a communication network and a computer software product for distributing software packages or updates



(57) The invention relates to a method for distributing a software package or update over a communication network, where the communication network comprises a server system (S') and at least one client system (Ci'). The method comprises the steps of distributing (P3) the software package or update to the at least one client system (Ci') via the communication system (NCi') by the server system (S') and installing the software package or update on the at least one client system (Ci'), and comprises the further steps of distributing (P6) the software package or update to a further client system via the communication system (NCj') by the at least one client system. The invention relates also to a server system (S'), a client system (Ci'), a communication network (NCi', NCj'), and corresponding computer software products.
Description

[0001] The present invention relates to a method for distributing a software package or update over a communication network. The invention further relates to a communication network, a server system, a client system, and computer software products.
[0002] Due to the complexity of computer systems and (tele)communication systems, as well as the (tele)communication networks and the emerging techniques and developments in intruding systems, it is highly necessary to keep these systems up-to-date, i.e. to keep the software operable on its latest release.
[0003] There are many techniques known for keeping software-driven systems up-to-date, e.g. manual or automatic patching, new (re-)installations, or updates. Especially for virus protection means, virus patterns and treatments are deployed continuously in order to enable such a software-driven system to recognize infections and apply the corresponding treatment.
[0004] Systems and methods for distributing software (applications and data) to many clients over a network are well known. Usually there are servers for deploying the software updates and clients that consume these software updates. There exist already many variants of update (transfer) protocols. One variant is that the server continuously updates the client's software.
[0005] Another variant is that the client is more active and requests software updates, e.g. event-driven.
[0006] The US Patent Application No. 6,123,737 describes an update (transfer) protocol for deploying a software package by triggers that are sent to servers. In response the servers create a notification package for a client. The notification instructs the server to automatically push a software package to the client computer over a communications interface.
[0007] A system comprising self-updating clients, realized by a managed update procedure using a network connection to a supporting server, is known from the US Patent Application No. 6,067,351.
[0008] An example of a self-distributing piece of software is a worm, e.g. the Code Red virus. This virus was one of the first of a family of new self-propagating malicious codes that exploit network systems. The Code Red worm is self-replicating malicious code that exploits a vulnerability in several servers. A worm attack proceeds as follows. The virus attempts to connect to a randomly chosen host assuming that a web server will be found. Upon a successful connection the attacking host sends a crafted HTTP GET request to the victim, attempting to exploit a buffer overflow in an indexing service. The same exploit (HTTP GET request) is sent to each of the randomly chosen hosts due to the self-propagating nature of the worm.

[0009] Depending on the configuration of the host which receives this request, there are varied consequences, e.g. when the exploit is successful, the worm begins executing on the victim host. In addition to possible web site defacement, infected systems may experience performance degradation as a result of the scanning activity of this worm. This degradation can become quite severe since it is possible for a worm to infect a machine multiple times simultaneously. Non-compromised systems and networks that are being scanned by other infected hosts may experience severe denial of service. Furthermore, it is important to note that while the Code Red worm appears to merely deface web pages on affected systems and attack other systems, the indexing vulnerability it exploits can be used to execute arbitrary code in the local system security context. This level of privilege effectively gives an attacker complete control of the victim system.

[0010] Due to the exponential distribution behavior of such virus infections and propagating (network) malfunctions there is a need for a fast and efficient remedy (cure).

[0011] This problem is solved by a method for distributing a software package or update over a communication network, the communication network comprising a server system and at least two client systems, said method comprising the steps of:

- distributing the software package or update to the at least one client of the at least two client systems via the communication system by the server system and

- distributing the software package or update (recursively) to a further client system via the communication system by the at least one client of the at least two client systems (until the further client system is already updated).

[0012] The problem is further solved by a communication network comprising a server system and at least one client system, the server system comprising distribution means for distributing a software package or update to the at least one client system, the at least one client system comprises installation means for installing the software package or update on the at least one client system, where the at least one client system comprises distribution means for distributing the software package or update to a further client system, too.

[0013] Accordingly, the problem is solved inter alia by a server system for a communication network comprising at least one client system, the server system comprising distribution means for distributing a software package or update to the at least one client system, the at least one client system comprises installation means for installing the software package or update on the at least one client system, where the server system further comprises control means for controlling the at least one client to distribute the software package or update to a further client system.

[0014] And the problem is solved by a client system for a communication network comprising a server system, the server system comprising distribution means for distributing a software package or update to the client system, the client system comprises installation means for installing the software package or update on the client system, where the client system comprises distribution means for distributing the software package or update to a further client system.

[0015] The problem is solved by a computer software product realizing a software package or update to be distributed over a communication network to a client system, the computer software product comprising programming means implementing deployment means and container means for distributing the software package or update to a further client system (recursively) via a communication system.

[0016] And the problem is solved by a computer software product for distributing a software package or update over a communication network as described in the above method.

[0017] In other words, a patch or update deployment pattern itself acts like a virus, infecting all systems that are not vaccinated with the method the vaccination should prevent. After being infected, the system is forced to distribute the remedy virus. In a subsequent step the virus patches the system in a way that e.g. viruses using this method of access, and the remedy itself, are not able to infect a cured system again.
[0018] The effect of this procedure is that all systems that are not cured will help to distribute the remedy. This will result in a very quick distribution of the required patches.

[0019] Accordingly, it is an advantage of the present invention to provide fast and effective distribution of software patches and updates in a communication network.
[0020] Another advantage of the present invention is the increased security and reliability.
[0021] A further advantage of the present invention is the silent installation of patches that enhance update quality and patch quality, thus indirectly reducing the requirements on activity of system operators.
[0022] Yet another advantage of the present invention is that the invention provides a method with an advanced deployment pattern that can even cope with worms and communication network degradations.
[0023] These and many other objects and advantages of the present invention will become apparent to those of ordinary skill in the art from a consideration of the drawings and ensuing description.

Figure 1 is a schematic drawing of a prior art deployment pattern of an update.

Figure 2 is a schematic drawing of a method for distributing a software package or update over a communication network according to the invention.

Figure 3 is a schematic drawing of a deployment pattern of an update forced by the method according to the invention.



[0024] Figure 1 shows a server system S and a set of client systems C1, C2, ..., C9. Each client system is connected via a network connection NC1, NC2, ..., NC9 with the server system S, respectively. The server system S and a client system Ci communicate by an update transfer protocol UTP over the network connection NCi.

[0025] Thus the server S can update the client system Ci's software, or the client system Ci could update its software by commonly identifying the corresponding software package or update, downloading it from the server system S and installing it on the client system Ci using the update transfer protocol UTP.
[0026] There are 9 client systems C1, C2, ..., C9 shown. When a new update arises, the server system S has to process 9 updates, one for each client system C1, C2, ..., C9, in order to update all the client systems C1, C2, ..., C9. This requires about 9 times the time of one update. In general n client updates would have a time complexity of O(n).

[0027] Figure 2 illustrates the steps of the distributing method according to the invention and where, i.e. at which site, these steps have to be performed. The figure shows a server system site S', a network connection site NCi', and a client system site Ci'. The figure further shows update process phases, namely a new software package is available P1, an encapsulation in a virus shell P2, a distribution phase P3, an infection phase P4, an installation of the software package P5, and a further distribution phase P6.

[0028] The phase P1, in which the new software package is available at the server system site S', initiates the process. There, at the server system site S', the new software package becomes a virus by the encapsulation in a virus shell P2. The result is deployed via the network connection site NCi' and received at the client system site Ci' during the distribution phase P3. The client system site Ci' becomes infected during the infection phase P4, and the encapsulated software is installed during the installation of the software package P5. Then the virus is further deployed over another network connection NCj' in the further distribution phase P6.

[0029] In other words: deploy updates by generating a virus comprising deployment means and container means for said software package and distributing said virus over said communication network by a server system, infecting said at least one client system, and forcing said client system to further install said software package and distribute said virus over said communication network for infecting further client systems.

[0030] The client itself might have the deployment means to propagate update information. An advanced update transfer protocol might enable a client system to provide feedback about the installation and the propagation.

[0031] The method formalizes the provision of a system to distribute patches, e.g. against viruses, using the virus' distribution mechanism. The system might invoke operators to indicate the remedy (available update) of the system including the ability e.g. to provide charging for or to control the distribution.

[0032] Figure 3 shows an (advanced) server system S' and a set of (advanced) client systems C1', C2', ..., C9'. The server system S' and the client systems C1', C2', ..., C9' are inter-connected via the network connections NC1', NC2', ..., NC9'.

[0033] The server can distribute software updates according to the method illustrated in figure 2. There are 9 client systems C1', C2', ..., C9' shown. When a new update arises, the new update is deployed in waves.
[0034] Assume a first deployment from the server system S' to the client system C1' requiring the time of one update. In the second deployment wave the server system S' and the client C1' deploy the update to two further client systems C2' and C3', respectively, via the network connections NC2' and NC3'. In the third deployment wave the server system S' and the already updated client systems C1', C2', and C3' deploy the update to four further client systems C4', C5', C6', and C7', respectively, via the network connections NC4', NC5', NC6', and NC7'. In a further deployment wave the remaining client systems C8' and C9' are updated via the network connections NC8' and NC9'. The whole procedure requires about 4 times the time of one update. In general n client updates would have a time complexity of O(log n). The effect of the claimed method is that all systems that are cured will help to distribute the remedy. This will result in a very quick distribution of the required patches for the operating systems.

[0035] In order to highly multiple updates the advanced update transfer protocol might comprise means for providing feedback on an update, e.g. which further clients were also updated, recursively. Such information could be used at the advanced server system for keeping track of the update deployments. The coordination of the updates might be randomly driven, self-organizing, dynamic based on environmental aspects like network connectivity, or even static, i.e. the deployment graph (tree) is fixed.
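
The wave schedule of paragraph [0034] and the recursive feedback of paragraph [0035], as an added Python simulation that is not part of the patent text. It only computes who would send to whom and which reports reach the server; the function names plan_waves, collect_feedback and unreported are hypothetical, and it assumes that every updated node, the server included, serves exactly one pending client per wave.

```python
"""Simulation of the wave deployment in [0034] and the feedback in [0035].

Added illustration, not code from the patent. It only computes a schedule
and the resulting report tree; nothing is transferred or installed.
Assumption: each updated node serves exactly one pending client per wave.
"""


def plan_waves(clients, server="S'"):
    """Return a list of waves, each a list of (sender, receiver) pairs."""
    updated = [server]          # nodes that already hold the update
    pending = list(clients)     # nodes still waiting, in deployment order
    waves = []
    while pending:
        wave = []
        # Snapshot: a node updated in this wave starts sending in the next one.
        for sender in list(updated):
            if not pending:
                break           # stop once every client is already updated
            receiver = pending.pop(0)
            wave.append((sender, receiver))
            updated.append(receiver)
        waves.append(wave)
    return waves


def collect_feedback(waves, server="S'"):
    """Map each node to the sorted clients updated by it, recursively."""
    children = {server: []}
    for wave in waves:
        for sender, receiver in wave:
            children.setdefault(sender, []).append(receiver)
            children.setdefault(receiver, [])

    def report(node):
        covered = []
        for child in children[node]:
            covered.append(child)
            covered.extend(report(child))   # child's own report, passed upward
        return covered

    return {node: sorted(report(node)) for node in children}


def unreported(inventory, feedback, server="S'"):
    """Clients in the server's inventory that no feedback report covers."""
    return sorted(set(inventory) - set(feedback.get(server, [])))


if __name__ == "__main__":
    clients = [f"C{i}'" for i in range(1, 10)]   # C1' .. C9' as in Figure 3
    waves = plan_waves(clients)
    for number, wave in enumerate(waves, start=1):
        print(f"wave {number}: " + ", ".join(f"{s} -> {r}" for s, r in wave))
    feedback = collect_feedback(waves)
    print("reported to S':", feedback["S'"])
    # C10' is a constructed inventory entry that never received the update.
    print("not covered:", unreported(clients + ["C10'"], feedback))
```

For the nine clients of Figure 3 the schedule has four waves of sizes 1, 2, 4 and 2, matching the description; the number of waves grows as the base-2 logarithm of n + 1, rounded up.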

[0036] The virus remedy works using a simple principle. It is itself a virus that infects all client systems that are not vaccinated with the method the vaccination should prevent. After being infected, the client system is forced to distribute the remedy virus.
[0037] In a subsequent step the virus patches the client system in a way that viruses using this method of access, and the remedy itself, are not able to infect a cured system again.

[0038] An advanced update transfer protocol might have capabilities to interactively aggregate and coordinate update resources, e.g. for managing multiple client updates, partial updates, or even an assignment of update responsibility or update authority.
[0039] The software package or update itself could be designed to comprise the virus functionality, i.e. a virus shell.



[0040] Currently there is a trend in computer science to solve problems using nature-analogous methods, e.g. neuronal networks, genetic algorithms etc. The corresponding biological object to this invention is a retrovirus.

[0041] Retroviruses are infectious particles consisting of an RNA genome (the software update) packaged in a protein capsid, surrounded by a lipid envelope (the container). This lipid envelope contains polypeptide chains including receptor binding proteins which link to the membrane receptors of the host cell, initiating the process of infection (the distribution).
[0042] Retroviruses contain RNA as the hereditary material in place of the more common DNA. In addition to RNA, retrovirus particles also contain the enzyme reverse transcriptase (or RTase), which causes synthesis of a complementary DNA molecule (cDNA) using virus RNA as a template (the update).

[0043] When a retrovirus infects a cell, it injects its RNA into the cytoplasm of that cell along with the reverse transcriptase enzyme. The cDNA produced from the RNA template contains the virally derived genetic instructions and allows infection of the host cell to proceed (the recursive distribution).
[0044] The capsid could e.g. preferably be realized by a mobile agent using a mobile agent platform or any other applicable technique like the security leaks in several web servers that are e.g. used by Code Red.

Claims 

1. A method for distributing a software package or update over a communication network, the communication network comprises a server system (S') and at least two client systems (Ci', Cj'), said method comprises the step of:

distributing (P3) the software package or update to the at least one client (Ci') of the at least two client systems via the communication system (NCi') by the server system (S'),

characterized by comprising the further step of

distributing (P6) the software package or update to a further client system (Cj') via the communication system (NCj') by the at least one client (Ci') of the at least two client systems.

2. The method according to claim 1, characterized in that said method comprises a further step installing (P5) the software package or update on the at least one (Ci') of the at least two client systems.

3. The method according to claim 1, characterized in that said software package is an anti-virus pattern.
4. The method according to claim 3, characterized in that the method comprises the step of removing the virus intruding leak.

5. The method according to claim 1, characterized by comprising a further step of informing the at least one (Ci') of the at least two client systems about the distributing activity.

6. The method according to claim 1, characterized by comprising a further step of informing the server system (S') about the installation or distribution activity of the at least one client system.

7. A communication network comprising a server system (S') and at least one client system (Ci'), the server system (S') comprising distribution means for distributing a software package or update to the at least one client system (Ci'), the at least one client system (Ci') comprises installation means for installing the software package or update on the at least one client system (Ci'), characterized in that the at least one client system (Ci') comprises distribution means for distributing the software package or update to a further client system (Cj').

8. The communication network according to claim 5, characterized in that the server system (S') further comprises control means for controlling the at least one client system (Ci') to distribute the software package or update to a further client system (Cj').

9. A server system (S') for a communication network comprising at least one client system (Ci'), the server system (S') comprising distribution means for distributing a software package or update to the at least one client system, the at least one client system (Ci') comprises installation means for installing the software package or update on the at least one client system (Ci'), characterized in that the server system (S') further comprises control means for controlling the at least one client system (Ci') to distribute the software package or update to a further client system (Cj').

10. A client system (Ci') for a communication network comprising a server system (S'), the server system (S') comprising distribution means for distributing a software package or update to a client system (Ci'), the client system (Ci') comprises installation means for installing the software package or update on the client system (Ci'), characterized in that the client system (Ci') comprises distribution means for distributing the software package or update to a further client system (Cj').

11. A computer software product realizing a software package or update to be distributed over a communication network to a client system (Ci'), characterized by comprising programming means implementing deployment means and container means for distributing (P6) the software package or update to a further client system (Cj') via a communication system (NCj').

12. A computer software product for distributing a software package or update over a communication network, characterized by comprising programming means implementing the method according to claim 1.